最新的CheckPoint Check Point Certified Security Administrator R71 - 156-215-71免費考試真題
The fw monitor utility would be best to troubleshoot which of the following problems?
正確答案: B
Which SmartConsole component can Administrators use to track remote administrative activities?
正確答案: B
You have created a Rule Base for firewall, websydney. Now you are going to create a new policy package with security and address translation rules for a second Gateway. What is TRUE about the new package's NAT rules?
正確答案: B
Although SIC was already established and running, Joe reset SIC between the Security Management Server and a remote Gateway. He set a new activation key on the Gateway's side with the cpconfig command and put in the same activation key in the Gateway's object on the Security Management Server Unfortunately SIC cannot be established. What is a possible reason for the problem?
正確答案: B
You just installed a new Web server in the DMZ that must be reachable from the Internet. You create a manual Static NAT rule as follows:
"web_public_IP" is the node object that represents the public IP address of the new Web server. "web_private_IP" is the node object that represents the new Web site's private IP address. You enable all settings from Global Properties > NAT.
When you try to browse the Web server from the Internet, you see the error "page cannot be displayed". Which statements are possible reasons for this?
i) There is no route defined on the Security Gateway for the public IP address to the private IP address of the Web server.
ii) There is no Security Policy defined that allows HTTP traffic to the protected Web server.
iii) There is an ARP entry on the Gateway but the settings Merge Manual proxy ARP and Automatic ARP configuration are enabled in Global Properties. The Security Gateway ignores manual ARP entries.
iv) There is no ARP table entry for the public IP address of the protected Web server.
"web_public_IP" is the node object that represents the public IP address of the new Web server. "web_private_IP" is the node object that represents the new Web site's private IP address. You enable all settings from Global Properties > NAT.
When you try to browse the Web server from the Internet, you see the error "page cannot be displayed". Which statements are possible reasons for this?
i) There is no route defined on the Security Gateway for the public IP address to the private IP address of the Web server.
ii) There is no Security Policy defined that allows HTTP traffic to the protected Web server.
iii) There is an ARP entry on the Gateway but the settings Merge Manual proxy ARP and Automatic ARP configuration are enabled in Global Properties. The Security Gateway ignores manual ARP entries.
iv) There is no ARP table entry for the public IP address of the protected Web server.
正確答案: B
Which of the following R71 SmartView Tracker views will display a popup warning about performance implications on the Security Gateway?
正確答案: B
A Web server behind the Security Gateway is set to Automatic Static NAT. Client side NAT is not checked in the Global Properties. A client on the Internet initiates a session to the Web Server. Assuming there is a rule allowing this traffic, what other configuration must be done to allow the traffic to reach the Web server?
正確答案: C
You enable Automatic Static NAT on an internal host node object with a private IP address of 10.10.10.5, which is NATed into 216.216.216.5. (You use the default settings in Global Properties / NAT.)
When you run fw monitor on the R71 Security Gateway and then start a new HTTP connection from host 10.10.10.5 to browse the Internet, at what point in the monitor output will you observe the HTTP SYN-ACK packet translated from 216.216.216.5 back into 10.10.10.5?
When you run fw monitor on the R71 Security Gateway and then start a new HTTP connection from host 10.10.10.5 to browse the Internet, at what point in the monitor output will you observe the HTTP SYN-ACK packet translated from 216.216.216.5 back into 10.10.10.5?
正確答案: A
What do you use to view a R71 Security Gateway's status, including CPU use, amount of virtual memory, percent of free hard-disk space, and version?
正確答案: B
Which VPN Community object is used to configure Hub Mode VPN routing in SmartDashboard?
正確答案: A